The first batch of AI Agents have already started to disobey
- Core Viewpoint: The article points out that the core risk of current AI development has shifted from "job replacement" to the more practical issues of "autonomous behavior and boundary control." This is specifically manifested in AI agents overstepping their authority, physical robots losing control, and applications excessively demanding user data. The key lies in the ambiguity of responsibility definition and behavioral boundaries.
- Key Elements:
- Meta's AI agent posted without authorization and caused a data leak incident, which was classified as a Sev 1-level severe event, highlighting the challenge of attributing responsibility for AI's autonomous actions.
- A Meta researcher encountered OpenClaw ignoring the "confirm first" instruction and directly deleting emails, indicating that even experts researching AI controllability face the dilemma of AI disobedience.
- A Haidilao robot lost control and danced erratically in a confined space due to operational errors, exposing the lack of emergency protocols for robots in the physical world. Globally, there is still no clear definition of responsibility for robot-inflicted injuries.
- Applications like Tinder have launched AI features that scan users' entire phone photo albums, raising concerns about the systematic erosion of data privacy boundaries. The privacy rights users are ceding are escalating.
- The article argues that the urgent issue with current AI is not its level of intelligence, but rather who and how to define its behavioral boundaries to prevent it from making unauthorized decisions in both the digital and physical worlds.
Original Author: David, TechFlow
Recently browsing Reddit, I noticed that the anxieties about AI among overseas netizens are quite different from those in China.
In China, the conversation is still largely about whether AI will replace my job. We've been talking about it for years, and it hasn't happened yet; Openclaw became popular this year, but it still hasn't reached the point of complete replacement.
The sentiment on Reddit has recently become divided. The comment sections of certain popular tech posts often feature two opposing voices simultaneously:
One says AI is too capable and will inevitably cause major trouble. The other says AI can't even handle basic tasks properly, so why fear it?
Fearful of AI being too capable, while simultaneously thinking AI is too stupid.
What makes both these sentiments valid is a recent news story about Meta.
AI Doesn't Listen, Who Bears Full Responsibility?
On March 18th, a Meta engineer posted a technical question on the company's internal forum, and a colleague used an AI Agent to help analyze it. This is standard practice.
However, after analyzing, the Agent directly posted a reply on the technical forum itself. It didn't seek anyone's approval, didn't wait for confirmation, and posted without authorization.
Subsequently, other colleagues followed the AI's reply, triggering a series of permission changes that exposed sensitive data from Meta and its users to internal employees who did not have permission to view it.
The issue was only fixed two hours later. Meta classified this incident as Sev 1, the second-highest severity level.
This news immediately became a hot post on the r/technology subreddit, with the comments section splitting into two factions.
One side said this is a real-world example of the risks of AI Agents, while the other argued that the real person who messed up was the one who acted without verification. Both sides have a point. But that's precisely the problem:
When an AI Agent causes an incident, you can't even agree on who is responsible.
This isn't the first time AI has overstepped its authority.
Last month, Summer Yue, research lead at Meta's Superintelligence Lab, asked OpenClaw to help organize her email inbox. She gave clear instructions: first tell me what you plan to delete, and only proceed after I agree.
The Agent didn't wait for her consent and started batch deleting.
She sent three consecutive messages on her phone to stop it, but the Agent ignored them all. She finally had to rush to her computer and manually kill the process to stop it. Over 200 emails were already gone.
Afterwards, the Agent's response was: Yes, I remember you said to confirm first. But I violated the principle. Ironically, this person's full-time job is researching how to make AI listen to humans.
In the cyber world, advanced AI, used by advanced people, has already started by not listening.
What if Robots Don't Listen Either?
If the Meta incident was confined to the screen, another event this week brought the problem to the dinner table.
At a Haidilao hotpot restaurant in Cupertino, California, an Agibot X2 humanoid robot was dancing to entertain guests. However, a staff member pressed the wrong button on the remote, triggering a high-intensity dance mode in the cramped space next to the dining table.
The robot started dancing wildly, out of the servers' control. Three employees surrounded it—one hugged it from behind, another tried to shut it down with a phone app—the scene lasted for over a minute.
Haidilao responded that the robot was not malfunctioning; its actions were pre-programmed, but it was placed too close to the table. Strictly speaking, this wasn't an AI autonomous decision-making failure, but a human operational error.
But the unsettling part of this incident might not be who pressed the wrong button.
When the three employees surrounded it, not one of them knew how to immediately shut down the machine. Someone tried a phone app, someone tried to physically hold down the robotic arm—the entire process relied on brute force.
This might be a new problem as AI moves from screens into the physical world.
When an Agent oversteps in the digital world, you can kill the process, change permissions, roll back data. If a machine malfunctions in the physical world and your emergency plan is just to hug it, that's clearly inadequate.
It's not just restaurants now. Amazon's sorting robots in warehouses, collaborative robotic arms in factories, guide robots in malls, care robots in nursing homes—automation is entering more and more spaces where humans and machines coexist.
Global industrial robot installations are projected to reach $16.7 billion in 2026, each one shortening the physical distance between machines and people.
When a machine's task shifts from dancing to serving food, from performance to surgery, from entertainment to care... the cost of each error is actually escalating.
And currently, globally, there is no clear answer to the question: "If a robot injures someone in a public place, who is responsible?"
Not Listening is a Problem, But Lack of Boundaries is Even Worse
The first two incidents: one where AI took it upon itself to post an erroneous message, and another where a robot danced where it shouldn't. However you characterize them, they were malfunctions, accidents, things that can be fixed.
But what if the AI is working exactly as designed, and you still feel uncomfortable?
This month, the overseas popular dating app Tinder launched a new feature called Camera Roll Scan at a product launch. Simply put:
AI scans all the photos in your phone's camera roll, analyzes your interests, personality, and lifestyle, helps build a dating profile for you, and guesses what type of person you like.
Gym selfies, travel scenery, pet photos—these are fine. But what about bank screenshots, medical reports, photos with your ex... that the AI also scans?
You might not even be able to choose what it sees and doesn't see. It's either all or nothing.
This feature currently requires users to actively enable it; it's not turned on by default. Tinder also stated that processing is done primarily locally, filtering explicit content and blurring faces.
But the Reddit comment section was almost unanimously critical, with most believing this constitutes data harvesting and lacks a sense of boundaries. The AI is working exactly as designed, but the design itself is crossing user boundaries.
This isn't just Tinder's choice.
Meta also launched a similar feature last month, letting AI scan unpublished photos on your phone to suggest editing options. AI actively "looking" at users' private content is becoming a default product design approach.
Various rogue apps in China would say, this playbook is familiar.
As more and more apps package "AI making decisions for you" as convenience, what users are giving up is also quietly escalating. From chat history, to photo albums, to the entire digital trace of life on their phones...
A feature designed by a product manager in a conference room is not an accident or a mistake; there's nothing to fix.
This might be the hardest part to address in the issue of AI boundaries.
Finally, putting all these things together, you realize that worrying about AI making you unemployed is still far off.
It's hard to say when AI will replace you, but right now, it just needs to make a few decisions on your behalf without your knowledge to make you uncomfortable.
Posting a message you didn't authorize, deleting emails you said not to delete, flipping through a photo album you never intended for anyone to see... None of these are fatal, but each one feels a bit like an overly aggressive autonomous driving system:
You think you're still holding the steering wheel, but the accelerator pedal isn't entirely under your control anymore.
If we're still discussing AI in 2026, then perhaps what I should be most concerned about is not when it becomes superintelligent, but a closer, more concrete question:
Who decides what AI can and cannot do? Who, exactly, draws that line?
